Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KB9iJQ0XQ_ydY1hLKkIlElMWcUE.roa
File: KB9iJQ0XQ_ydY1hLKkIlElMWcUE.roa (raw, json)
Hash identifier: jRZ9ctHTJu9iW4CNSnz23XFGZMhN2jhfsyHwuYkFsVM=
Subject key identifier: 28:1F:62:25:0D:17:43:FC:9D:63:58:4B:2A:42:25:12:53:16:71:41
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019585D9EFB0DD895F3B613B40EE16E4C975
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KB9iJQ0XQ_ydY1hLKkIlElMWcUE.roa
Signing time: Tue 11 Mar 2025 15:36:47 +0000
ROA not before: Tue 11 Mar 2025 15:36:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.149.241.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.104.0/24 maxlen: 24
94.156.105.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.166.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:85:d9:ef:b0:dd:89:5f:3b:61:3b:40:ee:16:e4:c9:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 11 15:36:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=281f62250d1743fc9d63584b2a42251253167141
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:24:83:f2:4b:94:df:9a:7c:b3:8d:d9:de:e5:
70:f3:f5:27:4f:2c:72:7a:65:ef:9f:bd:db:1b:df:
bc:5d:32:40:85:a5:07:a5:ac:c0:b3:75:c6:b8:07:
9d:62:53:1a:7e:a2:84:59:ec:22:18:ff:b7:10:c3:
d1:37:6a:f5:0e:37:06:25:2b:b5:88:32:11:e8:f0:
cf:fc:75:15:4b:59:a5:d8:ca:a3:5f:0e:b2:ce:a7:
a0:73:72:2b:6b:6b:80:49:b7:35:95:48:05:d1:fb:
c7:88:db:8a:05:1e:fa:f5:3f:b4:da:23:c3:75:d0:
59:88:37:a4:ec:1c:36:49:6d:68:8a:3b:1b:81:70:
5f:65:4d:cf:4a:f1:1a:3d:0d:24:a4:01:8f:e0:b1:
bb:18:0d:66:19:0e:d8:dd:8d:3d:da:6b:e2:e8:e9:
e4:9c:dc:5c:88:9a:6d:91:2c:39:c8:4a:36:9d:3f:
e0:65:ed:79:dc:dd:e7:87:cd:55:28:25:b3:98:cc:
96:ed:05:d9:d4:14:e5:5f:af:fa:25:b7:99:1f:40:
b0:dc:86:e5:96:43:b5:07:13:80:bc:79:96:a9:bd:
ea:bd:62:01:d9:d5:1b:fa:0b:2f:e3:72:34:91:c1:
88:21:3a:89:a0:6f:40:89:32:88:27:97:7a:82:86:
1b:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:1F:62:25:0D:17:43:FC:9D:63:58:4B:2A:42:25:12:53:16:71:41
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KB9iJQ0XQ_ydY1hLKkIlElMWcUE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.149.241.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.230.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
85.31.47.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.104.0-94.156.106.255
94.156.166.0/23
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
52:54:b3:0c:51:ff:57:c8:cc:0d:33:b8:c5:69:26:93:c2:a0:
c2:db:88:2c:b3:d5:62:d0:21:ed:cc:e1:b4:37:b7:10:f5:fb:
68:ef:8f:0d:07:ab:ef:0d:34:59:2d:f2:33:d8:96:6f:ed:37:
45:e6:48:03:da:37:9a:f2:e0:ef:90:1e:80:f9:02:90:5e:67:
0b:a3:5a:6e:c6:72:85:25:82:16:3d:a8:a6:d9:4f:f4:a4:02:
25:2d:f4:94:41:72:fa:9a:1c:b3:dd:12:2c:29:1a:0d:a0:31:
24:c1:4a:fb:ed:f7:9c:2d:ad:73:87:c5:59:08:05:d1:16:4e:
b6:c5:ef:89:61:fd:cf:db:12:9b:a3:1b:4a:7d:e0:67:79:d1:
2c:6e:da:03:77:50:71:64:6f:ec:b9:cd:26:58:eb:4f:d3:cc:
10:fa:a1:26:98:82:43:5a:6b:dc:18:54:3c:96:42:3b:ba:15:
a1:95:6e:e3:51:48:8c:48:f4:51:45:76:ad:5d:b1:0d:d2:03:
15:b0:c7:22:80:47:ca:e0:a8:1b:36:ff:b6:36:67:76:b0:5e:
c9:fe:93:2b:72:81:6f:90:c6:0a:b7:c2:e9:95:af:ed:62:01:
71:31:c3:a1:ac:0c:62:88:dc:6f:e0:ed:06:4b:31:fc:2d:d8:
08:7f:d8:c6
-----BEGIN CERTIFICATE-----
MIIGUzCCBTugAwIBAgISAZWF2e+w3YlfO2E7QO4W5Ml1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzExMTUzNjQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODFmNjIyNTBkMTc0M2ZjOWQ2MzU4NGIyYTQyMjUxMjUzMTY3MTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CSD8kuU35p8s43Z3uVw8/UnTyxy
emXvn73bG9+8XTJAhaUHpazAs3XGuAedYlMafqKEWewiGP+3EMPRN2r1DjcGJSu1
iDIR6PDP/HUVS1ml2MqjXw6yzqegc3Ira2uASbc1lUgF0fvHiNuKBR769T+02iPD
ddBZiDek7Bw2SW1oijsbgXBfZU3PSvEaPQ0kpAGP4LG7GA1mGQ7Y3Y092mvi6Onk
nNxciJptkSw5yEo2nT/gZe153N3nh81VKCWzmMyW7QXZ1BTlX6/6JbeZH0Cw3Ibl
lkO1BxOAvHmWqb3qvWIB2dUb+gsv43I0kcGIITqJoG9AiTKIJ5d6goYbUwIDAQAB
o4IDXzCCA1swHQYDVR0OBBYEFCgfYiUNF0P8nWNYSypCJRJTFnFBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS0I5aUpRMFhRX3lkWTFoTEtrSWxFbE1XY1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBcwYIKwYBBQUHAQcBAf8EggFiMIIBXjCCAVoEAgABMIIB
UgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NngMEAC2V8TAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQA
UaHmAwQAUaHuAwQAU9thAwQAVDYwAwQAVR8vAwQAV3hXMAwDBARXeHADBAFXeHQD
BAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5
ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5MgMEAF17bQMEAl6aoAMEAF6cCwMEA16c
QDAMAwQDXpxoAwQAXpxqAwQBXpymAwQAXpyzAwQAbc7tAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQAstfgAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQAwje6AwQA
wqmvMA0GCSqGSIb3DQEBCwUAA4IBAQBSVLMMUf9XyMwNM7jFaSaTwqDC24gss9Vi
0CHtzOG0N7cQ9fto748NB6vvDTRZLfIz2JZv7TdF5kgD2jea8uDvkB6A+QKQXmcL
o1puxnKFJYIWPaim2U/0pAIlLfSUQXL6mhyz3RIsKRoNoDEkwUr77fecLa1zh8VZ
CAXRFk62xe+JYf3P2xKboxtKfeBnedEsbtoDd1BxZG/suc0mWOtP08wQ+qEmmIJD
WmvcGFQ8lkI7uhWhlW7jUUiMSPRRRXatXbEN0gMVsMcigEfK4KgbNv+2Nmd2sF7J
/pMrcoFvkMYKt8Lpla/tYgFxMcOhrAxiiNxv4O0GSzH8LdgIf9jG
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:26:35 2025 by rpki-client